Cybersecurity Awareness

Fake Email Account Suspension email

December 2, 2024

This fake email termination message was received by many users allegedly telling them their campus email account would be suspended.

Commonly used phony subject lines include:

'ADVANCE WARNING'

'***Urgent*** Your Account Will Be Suspended'

'ATTENTION!!! Actin Needed Now'

Tips if Something Seems Off:

UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers

No technician will ever ask you to send them a password, DUO push code or other secret account information, especially in an insecure...

Fake UC Berkeley Financial Support Program

December 4, 2024

This phony email was sent impersonating a UC Berkeley administrative department. It was attempting to get users to click with a bogus $2,250 financial bonus for eligible faculty and staff.

What makes this a phishing message?

The sender is not an @berkeley.edu sender and the login page is NOT an official CalNet CAS page.

This targeted phishing scam uses financial motivation and curiosity to attempt to get campus affiliates to send their usernames, emails, and passwords.

Tips if Something Seems Off: You will never be asked to enter your credentials into any non UCB page...

Phony Staff Assessment Doc Link

January 21, 2025

This phony Staff Assessment notification was received by many bMail users. It is part of a credential stealing attempt.

What makes this a phishing message?

The senders email is not a @berkeley.edu email, likely a compromised account from the Austin, TX school district @austinisd.org

This targeted phishing scam uses urgency indicating a task to complete.

The target page below is a free Jot webform. campus users will never be asked to enter their CalNet credentials in any site that is not a UCB CAS authentication page.

The most recent Frauds have had subject lines...

MSSND: How to Secure Devices

Device Security

If you have a personally-managed Windows, Mac, IOS, or Android device that needs to comply with MSSND requirements, follow the step-by-step instructions below for how to configure your device to meet campus policy.

MSSND #1: Patching and Updates

We also provide optional guidance to assist with achieving the “...

Security Related Events

NCSAM 2018

Smart Cybersecurity Habits

As we begin to spend more and more of our time online, it's becoming increasing important to be able to properly protect ourselves. Follow these 8 tips for forming new and better online habits:

Think twice before clicking on links or opening attachments. Verify requests for private information. Protect your passwords. Protect your stuff! Lock it up or take it with you. Keep your devices, browsers and apps up to date. Back up critical files. Delete...

Top 10 Secure Computing Tips

Top Ten Secure Computing Tips"Top 10" List of Secure Computing Tips Tip #1 - You are a target to hackers

Don't ever say, "It won't happen to me." We are all at risk and the stakes are high - both for your personal and financial well-being and for the university's standing and reputation.

Cybersecurity is everyone's...

Protecting Your Data

Overview:

Data is one of UC Berkeley’s most critical assets. The complexity and volume of the data we are taking in is growing while at the same time regulatory requirements are becoming more stringent. These factors make correctly managing data vital for ensuring its confidentiality, integrity, and availability remain intact.

The data management lifecycle:

Proper handling of data throughout its lifecycle is critical to optimizing its utility, minimizing the potential for errors, and protecting it from breaches. No...

Securing Remote Desktop (RDP) for System Administrators

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7,...

Enabling Full Disk Encryption

Overview

Full disk encryption protects the data on your device in the event it is lost or stolen. Without full disk encryption, if the data drive in the computer is removed, the data can be easily read and accessed. When correctly deployed, full disk encryption requires unauthorized users to have both physical access to your device as well as the password in order to decrypt the data on your device.

However, if both the password and the recovery key are unknown or lost, the device cannot be decrypted and the...